How To Protect Yourself From the Top 20 Security Threats

With cybercrime on the rise, protecting yourself and your information will become more challenging. Learn the most common ways crackers attack, and how you can protect yourself with vigilance and commonly available tools. There's also a helpful rundown of the SANS Top 20 Most Critical Internet Security Threats list.

This chapter is from the book

The purpose of this chapter is to illustrate the methodology and steps a
hacker or cracker employs when attacking a network. It also provides an overview
of the System Administration Network Security (SANS) Top 20 vulnerabilities that
crackers can exploit.

The Difference Between Hackers and Crackers

To understand the methodology of a hacker or cracker, one must understand
what a hacker or a cracker is. Internet enthusiasts have argued the difference
between hackers and crackers for many years. This chapter contains my
contribution to that debate.

If I were forced to define the terms hacker and cracker, my
bottom line would probably be this:

A hacker is a person intensely interested in the arcane and
recondite workings of any computer operating system. Hackers are most often
programmers. As such, hackers obtain advanced knowledge of operating systems and
programming languages. They might discover holes within systems and the reasons
for such holes. Hackers constantly seek further knowledge, freely share what
they have discovered, and never intentionally damage data.

A cracker is one who breaks into or otherwise violates the system
integrity of remote machines with malicious intent. Having gained unauthorized
access, crackers destroy vital data, deny legitimate users service, or cause
problems for their targets. Crackers can easily be identified because their
actions are malicious.

Additionally, it should be mentioned that there are two major types of
crackers. The first is fortunately few and far between. They are the expert
crackers who discover new security holes and often write programs that exploit
them. The second type, the script kiddie, only knows how to get these
programs and run them. Script kiddies are more numerous, but much easier to stop
and detect.